Cracking LifeLock: Even After a $12 Million Penalty for Deceptive Advertising, the Tempe Company Can't Be Honest About Its Identity-Theft-Protection Service

It's been two months since the feds tried to gut LifeLock with a $12 million penalty for deceptive advertising, and the company's Web site still boasts that it can protect people from identity theft.

The Tempe-based company has spent millions of dollars since 2006 on ads that broadcast CEO Todd Davis' Social Security number. Customers pay $10 to $15 a month for the supposed protection — and for LifeLock's "$1 million guarantee" if the protection fails.

On one LifeLock Web page, www.todddavislifelock.com, active until early May, Davis stated that he's "absolutely confident LifeLock is protecting my good name and personal information, just like it will yours."

But the evidence shows that he shouldn't be the slightest bit confident in LifeLock's ability to protect his name or personal data.

In June 2007, in the wake of a New Timesarticle that exposed how LifeLock was founded with lies, news leaked that Davis had become the victim of identity theft. A man in Texas had used Davis' ID to take out a $500 loan, and Davis didn't know about it until the unpaid account went to a collection agency.

In the following months, Davis and LifeLock worked hard to spin the story into something positive. Davis claimed in an interview with MSNBC in May 2008 that the Texas incident was the one and only time anything like that had ever happened to him.

Another LifeLock page dedicated to Todd Davis, (www.lifelock.com/todd-davis) claimed (until it, like the other Davis page, was removed by LifeLock on May 4 following inquiries by New Times) that Davis "has looked to LifeLock for protection after an identity theft . . . but only once, and LifeLock was there to help."

New Times has learned, though, that the Texas incident wasn't a fluke.

In October 2007, a few months after news broke that Davis had become a victim, someone in Albany, Georgia, opened an AT&T wireless account using Davis' personal info, a Chandler police report shows. (See the PDF version of the report.)

As Todd Davis tried to deflect the bad press in the wake of the Texas crime, the Albany resident was racking up hours on a cell phone in Davis' name.

By the time AT&T cut off the person, he or she had amassed a large, unpaid bill. The amount with which AT&T was stuck wasn't disclosed, but in the fall of 2008, the phone company authorized a collection agency to try to recover a $2,390 debt.

That's when LifeLock and Davis finally learned of the theft.

A LifeLock employee reported the identity crime to Chandler police on November 21, 2008, while Todd Davis was traveling out of state.

After a short time on the case, Chandler forwarded it to police in the Georgia city, which still is still investigating. Phyllis Banks, a spokeswoman for the Albany agency, tells New Times that investigators went to the address listed on the bill and interviewed a local woman, but no arrests had been made.

When Albany investigators phoned Davis about the crime last year, "they were very familiar with him" and how he'd publicized his Social Security number, she says.

"It's unfortunate he chose to conduct business in that way," Banks says. "It's not fair to [AT&T] because they're losing a pretty substantial amount of money."

Yet AT&T wasn't the only company getting screwed by LifeLock's advertising scheme — because plenty more criminals have made use of Davis' data.

Records show that LifeLock representative Tamika Jones called the Chandler PD again in February 2009 to report a slew of fraudulent accounts opened in Davis' name.

As with the AT&T account, the amounts owed on the fraudulent accounts were not revealed in the police report — only the amounts sought by various companies and collection agencies, listed below. Because these companies often forgive or waive a percentage of the bills of debtors, the dollar amount of the losses could easily be higher.

More cell-phone service was fraudulently charged to Davis: Someone opened a Verizon account in New York, leaving behind unpaid bills of at least $186.

An account at Centerpoint Energy, a Texas utility, was opened. At least $122 went unpaid.

Fake Davises owe $573 to Credit One Bank and $312 to Swiss Colony, a gift-basket company.

Two other accounts, one for USA Savings Bank and a Gap credit card, were opened successfully in Davis' name but showed zero balances as of early 2009.

There were also multiple dings by collection agencies: Bay Area Credit, $265; two for Associated Credit Services, $207 and $213; and two for Enhanced Recovery Corporation, $250 and $381. Finally, there was a NCO/Fin 22 collection-agency account for $2,390, which could be the AT&T bill (considering the identical amount).

Full details as to what happened with these accounts could not be obtained from Davis. But it's clear that criminals in different locales have used Davis' ID to obtain a host of loans, goods, and services.

Davis' personal ID hasn't been merely abused since he began advertising his SSN — it's been gang-raped.

Counting the Texas incident, he's been a victim at least 13 times since 2007.

More such incidents may exist — Davis should know how many. He could reveal his credit reports from the past few years, if he wanted customers to know the truth. But LifeLock refused to discuss Davis' role as a frequent identity-theft victim or answer any other questions from New Times for this story.

The fact that Davis has fallen victim to so many con artists illustrates how LifeLock cannot steel anyone from identity theft. Even with new features intended to improve upon LifeLock's original service, the company failed to save the boss' identity from getting used over and over again.

And, as Davis insisted on the company's Web site, LifeLock customers can expect the same protection he himself has received.

New Times' May 2007 story (linked above) showed how the company used deception and fear to drum up business.

LifeLock's co-founders, Richard Todd Davis and Robert J. Maynard Jr., told reporters across the country that Maynard had once spent a week in the Maricopa County jail, falsely accused of crimes, because his identity had been stolen. The 2003 incident was the inspiration for the company, they said.

Official records and interviews with authorities in Nevada proved the story a fable. Maynard had been arrested and jailed here, all right — because he'd failed to pay back a $16,000 gambling marker at the Mirage casino in Las Vegas. Like bouncing a check, that's a crime. Nevada authorities dropped the charges after Maynard, from his cell, managed to scrape together the cash.

The article also revealed that Maynard, the Valley businessman who was principally behind LifeLock during its 2005 inception, was banned for life in the 1990s from the credit-repair industry.

Then there was this ironic tidbit: Maynard's own father, Valley optometrist Robert Maynard Sr., accused him of identity theft.

Maynard Jr. resigned from the company that June, right about the time news broke of the $500 loan taken out in Davis' name. Before the summer of 2007, LifeLock had received barely a word of negative press. Since then, though, criticism and legal problems have plagued the company on a number of fronts — fueled partly by LifeLock's incessant, in-your-face (or ears, since the firm does lots of radio) advertising.

There were many arguably excellent reasons not to sign up for LifeLock, critics noted, one of the strongest being that anybody with average intelligence and a computer can perform its most touted service, setting fraud alerts on a personal credit file, for free in minutes. Supposed insiders also claimed LifeLock's customer data wasn't secure, putting customers at risk of the very sort of crime LifeLock purports to prevent.

Lawyers began drawing up class-action lawsuits for aggrieved customers. And Experian, one of the big three national credit bureaus, sued LifeLock in early 2008 over its abuse of a federal law set up to help consumers.

The Federal Trade Commission, despite agreeing with New Times that a case of false advertising could possibly be made on the story of Maynard's jailing, did nothing at the time. Neither did state Arizona Attorney General Terry Goddard.

Meanwhile, LifeLock, founded with millions of dollars in seed money from venture capitalists like Bessemer Venture Partners and Goldman Sachs, kept pumping out ads that grew its customer base to amazing heights.

Despite naysayers' questions, LifeLock boasted in May 2008 that it had signed up its millionth customer. LifeLock was — and remains — a cash machine.

Such phenomenal success helped the company weather its two biggest legal challenges: the first in October 2009, when the company settled with Experian and agreed to stop setting fraud alerts on behalf of its customers; the second when the FTC hit LifeLock with the $12 million penalty.

Though the FTC took all the cash LifeLock had on hand, the settlement didn't stop investors from re-energizing the company with millions of dollars in new capital.

From the start, one of LifeLock's strengths has been its aggressive marketing campaign, and the result hasn't just meant customers. LifeLock has wormed its way into Americana, holding itself up as a beacon of identity-theft awareness and education. It's bought its way onto race cars, the jerseys of the Phoenix Mercury, and onto the signage at US Airways Arena, where the Mercury and Phoenix Suns play.

Davis and LifeLock's marketers, likened to "con artists" by the FTC's chairman, have even ingratiated themselves with law enforcement agencies around the country, using their ill-gotten gains to help pay for identity-theft summits. The arrangements give LifeLock the legitimacy it seeks to counter the claims of consumer advocates.

"They've successfully put the good before the bad," says Robert Siciliano, a Boston author and speaker on identity-theft issues. "That's a strategy that many politicians have perfected. It's one LifeLock has done well with, also."

The FTC settlement is supposed to prevent the company from lying about the effectiveness of its service, but there's a fine line in American advertising as to such things. Authorities vow to keep monitoring LifeLock. In turn, LifeLock will probably try to keep refining its advertising messages — as in the examples of the Web pages taken down after questions by New Times — until it drops off the FTC's radar.

Yet Robert J. Maynard's brainchild thrives mainly because it misrepresents the truth. It has to. Otherwise no one would believe it could keep his or her identity safe, the fundamental concept that drives customers to LifeLock.

Even after it was toned down, the false promise of effective protection against identity theft remains integral to LifeLock's advertising.

LifeLock's modus operandi appears based on one of Sun Tzu's maxims in The Art of War: Deception is everything.

When LifeLock began in 2005, its founders pushed for all the free publicity they could get in the news media. Maynard and Davis misrepresented the facts about the founder's jail stint, implying that the same thing could happen to people who don't try to protect themselves. And they lied about the level of prevention the company could offer.

Then they hit upon a unique idea for a major advertising campaign in early 2006. Davis, Maynard, and Mike Prusinski, the company's spokesman and vice president of communications, began giving out their Social Security numbers to the press.

Wisely, Prusinski and Maynard quit the practice early on. But Davis put his nine-digit number on a flatbed truck, using the image in ads nationwide while claiming that LifeLock made his personal data "useless to criminals."

Ads emphasized the "guarantee," claiming that LifeLock would "cover all losses and expenses up to $1 million."

The claims were bogus. Savvy folks could see right through them.

In the terms of the guarantee, if potential customers bothered to read them, the company doesn't promise to pay anyone a dime. That's if it covers a theft at all, because the guarantee is full of exceptions. For instance, LifeLock won't cover phishing scams or other popular ways to steal identities that involve duping someone into releasing personal data.

The company agreement says if you become a victim "because of a failure or defect in the Services, LifeLock will retain and pay for those third party professional services that are reasonably necessary in LifeLock's judgment to assist you in restoring losses or recovering your lost out-of-pocket expenses caused by such fraud."

Consider the phrase "reasonably necessary in LifeLock's judgment," for instance.

Customers and non-customers complained. In May 2008, lawyers in New Jersey filed the first class-action lawsuit against LifeLock. Not only was the service a useless waste of money, the suit alleged, but the constant setting of fraud alerts harmed customers' credit scores.

Credit bureau Experian beat the class to court. In a lawsuit filed in February 2008, Experian ripped LifeLock for its misleading marketing campaign but aimed primarily to kill LifeLock's fraud-alert feature.

As mentioned, LifeLock's main service until last August was to set fraud alerts on consumers' credit files. The alerts are like red flags in the computer files of the Big Three credit bureaus: Experian, TransUnion, and Equifax.

If a thief tries to open a line of credit, the company offering the new account will stumble on the alert when it runs a credit report. That, in turn, should mean the thief's attempt to open the new account gets thwarted.

LifeLock's main service used to be placing such a red flag on credit files for each of its customers, every 90 days. As its customer base grew by tens, then hundreds of thousands in 2006 and 2007, LifeLock became a burden and a competitor to Experian.

Not that the credit bureaus deserve much sympathy, but Experian ended up stuck with a sizable unfunded mandate because of the way LifeLock exploited the law.

When a person requests a fraud alert with one of the bureaus, the Fair and Accurate Credit Transactions Act requires the bureau to not only place the alert on file, but to notify the other two bureaus about it.

The law allows only individuals, not companies, to call for the alerts. But LifeLock and one of its competitors, Texas-based Debix, put the law to the test.

LifeLock called Experian's fraud hotline up to 15,000 times a day to request fraud alerts, the credit bureau's suit alleged. LifeLock apparently used Experian's system the most because it was more convenient, and every time the company called Experian's toll-free number, Experian was charged about 60 cents, its lawyers claimed.

The wily LifeLock began by calling thousands of times a day from a Canadian phone number. When the credit bureau struck back, blocking calls from the number, LifeLock began using numbers in Pennsylvania to make the bulk calls. Every time the credit bureau tried to stem LifeLock's calls, the company switched its outgoing phone banks.

Experian's chief competitors, TransUnion and Equifax, weren't anti-LifeLock; they even helped LifeLock "launder" some of the fraud alerts that Experian had to deal with, the suit stated.

No doubt, much of Experian's problem with LifeLock had to do with Experian's running its own identity-theft protection racket.

In 2005, Experian was slapped with a $950,000 penalty by the FTC for its misnamed www.freecreditreport.com Web site, which duped people into buying an expensive credit-monitoring service and lured away consumers from the government's real free credit report Web site, www.annualcreditreport.com.

At one point during the antitrust trial, held in Santa Ana, California, Experian lawyer Thomas Malcolm admitted that Experian's "sister company," CIC (a.k.a. freecreditreport.com), even issued hundreds of fraud alerts for its customers between August 2007 and February 2008 — until Experian's legal department got wind of the program and shut it down.

"Experian doesn't compete with LifeLock," Malcolm argued. "Experian is being, essentially, bludgeoned to death — bloodied — by LifeLock on a daily basis."

LifeLock's lawyer contended that CIC issued fraud alerts until the month that Experian filed its lawsuit. Experian was just sore that its fraud-alert service hit the market too late and failed, from LifeLock's point of view.

Despite Experian's apparent hypocrisy, U.S. District Judge Andrew Guilford ruled in May 2009 that LifeLock's practice of setting the alerts for customers was illegal. LifeLock halted the practice a few months later as part of its settlement with Experian. (Debix dropped its fraud alerts, too.)

The weirdest part of all this was that LifeLock's deception ran so deep that its target audience barely noticed what happened.

Since its inception, the company had emphasized that the feature that made it different than competitors — the service that was the very backbone of LifeLock's ID-theft protection — was that it set fraud alerts for customers.

After LifeLock lost the suit to Experian and the fraud alerts were stopped, the company claims, it went from 1.5 million customers in late 2009 to 1.6 million as of this year.

LifeLock's customers, arguably a gullible group to begin with, must be asleep at the switch.

A few months after the Experian settlement, LifeLock settled complaints about its advertising practices with the FTC and 35 state attorneys general.

FTC Chairman Jon Leibowitz flew to Chicago to make the March 18 announcement alongside Illinois AG Lisa Madigan, who had spearheaded the authorities' effort. Arizona AG Terry Goddard merely was one of the 35, though the company is a short drive from his office.

In a made-for-TV quote, Leibowitz referenced one of Davis' advertising stunts and told reporters, "The protection LifeLock actually provided left such a large hole in it that you could drive [a] truck right through it."

Although LifeLock customers received "some benefits," they were far too few to justify the monthly fee of $10, Leibowitz said.

LifeLock was ordered to pay $1 million to the states and $11 million to the feds, to be used for customer refunds and consumer education. The actual settlement was for $35 million, but the FTC agreed to take just what LifeLock had in the bank at the time. An "avalanche clause" would be triggered if the government found out LifeLock had more cash stuffed in some secret account.

But there was no prohibition against taking in new funds from investors.

Although LifeLock was a con, the company would be allowed to stay in business, Leibowitz said.

Leibowitz said at the time that LifeLock's marketers had "changed their business model to some extent, and, going forward, it is far more within the realm of a legitimate business model with honest advertising to consumers."

Besides the $12 million payment, the FTC order requires LifeLock to be truthful in its marketing claims and to develop a data-security program.

LifeLock had all but the left the door wide open for a severe data breach, a lack of security for its customers' data that was "especially shameful" for a company that claimed to prevent identity theft, Leibowitz said.

David Lincincum, a staff attorney with the FTC, tells New Times that the order also called for Davis to pay $10,000 personally for his role in the scheme.

The government negotiated a separate settlement with Maynard (who left LifeLock in June 2007) that didn't require a payment from the co-founder.

Still, the order bans Maynard from conning people through any data-security or identity-theft service he may start up in the future, Lincincum says. If he's in charge of data security anywhere, a third party has to audit his work.

Of course, the 1996 FTC order banning Maynard for life from the credit-repair industry didn't stop him from launching LifeLock, which purports to help people fix problems with their credit files. Lincincum doesn't have much of an answer for why Maynard wasn't dealt with more harshly this time around.

"We obviously are not thrilled to see someone a second time," he says drily. "At the end of the day, we had to make a decision."

The FTC settlement also is taking care of the dozen class-action lawsuits against LifeLock that amassed in various states over time. As of last August, the suits had been consolidated and a Valley firm, Hagens Berman Sobol Shapiro, was handling the case.

Rob Carey, a partner in the firm and one of the lead lawyers in the case, says the class action will "go away" because of the settlement but that individual plaintiffs can opt out and sue on their own.

The consolidated action had asked for an end to the fraud alerts, which has already happened thanks to the Experian suit, and demanded that LifeLock tell customers explicitly that the $1 million guarantee doesn't cover payment of losses because of identity theft.

Some LifeLock clients were under the impression that the company would not only help them repair their credit but would also make them whole for their losses — only to find out that the company had misled them.

A ruling by U.S. District Judge Mary Murguia on attorney fees in the various lawsuits is due by July — Carey says the amount LifeLock will have to pay should be no more than $1.9 million, to be split among the lawyers.

Former and current LifeLock customers can apply for refunds by contacting the FTC (see www.ftc.gov/lifelock) or by waiting to receive an FTC letter stating they're eligible for refunds. There's no predicting how many customers will ask for their money back.

The FTC settlement was embarrassing for at least two of the 35 participating state attorneys general, thanks to LifeLock's partnership with the national Law Enforcement Executive Development Association, known as FBI-LEEDA.

The 19-year-old FBI-LEEDA, based in Malvern, Pennsylvania, helps educate cops in the latest crime-fighting trends and keeps them plugged in with veterans and specialists. It's affiliated with the FBI, to an extent: An FBI liaison to the association's executive board, currently Agent Charles Robb Jr., gets paid by the bureau for his work with the association. Robb didn't respond to a request for an interview.

The nonprofit organization has two "Premiere Level" sponsors: Purdue Pharma and LifeLock. The Tempe company pays $25,000 a year for the honor, according to FBI-LEEDA's Web site. LifeLock makes DuPont (maker of Kevlar), Scottsdale-based Taser International, and Glock — who sponsor at the platinum, gold and bronze levels, respectively — look cheap.

For the past couple of years, LifeLock also has sponsored high-profile ID-theft-focused training seminars with FBI-LEEDA, paying for keynote speakers, continental breakfasts, and box lunches for hundreds of attendees. The organization's executive director, Tom Stone, supports LifeLock wholeheartedly.

Stone tells New Times that LifeLock pays all that money to FBI-LEEDA because "as a corporate citizen, they are giving something back to the community."

The former chief of police from Virginia emphasizes that the FTC's settlement was a civil, not criminal, penalty. He dismisses concern about the company's reputation, saying he has no response to the FTC's findings.

"I'm not going to attempt to go there," Stone huffs. "As far as what happened with the FTC and anything civilly, it's not within my purview."

Taking LifeLock's money, though, is apparently within his purview.

For other government law offices, the relationship with LifeLock has soured after the FTC action.

The first FBI-LEEDA/LifeLock summit following the FTC's March announcement about LifeLock was on April 20 in Charlotte, North Carolina.

An FBI-LEEDA flier said the event would be hosted by North Carolina's Charlotte-Mecklenburg Police Department and its police chief, Rodney Monroe.

Monroe had been scheduled to speak at the summit, but his planned participation irked North Carolina Attorney General Roy Cooper, one of the officials who had gone after LifeLock. Cooper called Monroe the week before the summit and asked him not to go, says Charlotte-Mecklenburg police Sergeant Walter Bowling. The chief acquiesced and skipped the summit.

"It was out of respect for the AG's office," Bowling says. "There was some discomfort with [Chief Monroe] coming out, putting his face out to it."

Stone claims he's "unaware" that the chief ever was supposed to go to the summit or give a speech. He notes that about 25 members of the Charlotte-Mecklenburg department still showed up.

Bowling, who helped organize his department's participation in the summit, says he researched LifeLock beforehand and decided the company was sincere about improving. He's no apologist like Stone, admitting, "I'm not an idiot — I know they get some benefit from it."

Cops benefited from the summit, he adds, by gaining valuable knowledge from the expert speakers on tackling identity crimes. LifeLock's funding helped make it happen.

"It's difficult in these economic times to find and attend training," Bowling writes in an e-mail.

Nevada's another state whose law-enforcement connection to LifeLock — in light of the recent FTC ruling — comes off as both ironic and hypocritical.

Last June, the Nevada attorney general's office co-hosted one of the summits with FBI-LEEDA and LifeLock.

Nevada's AG, Catherine Cortez Masto, smiles in a picture with Todd Davis taken at the event as if they're the best of friends. LifeLock used the picture prominently on a Web page about the summits — even after Masto joined the FTC and the 34 other attorneys general in targeting the firm for legal action.

A spokeswoman for the Nevada attorney general's office, Edie Cartwright, says there are "no plans" to host another LifeLock-linked summit. She thanked New Times for the heads-up on the photograph of Masto and Davis.

"We did not realize that was on their site," she said. "And they had not asked for permission so we requested that they remove it." (LifeLock took down the picture.)

Though appreciative at first, Cartwright became terse when asked whether Masto could come to the phone to talk about the picture and past dealings with LifeLock.

"There's no quote," she said stiffly.

Now, a detour to Waikiki.

No story about LifeLock would be complete without describing what happened to the charismatic, veracity-challenged Robert Maynard Jr. after he resigned from LifeLock. Maynard's a fascinating character — a former Marine, brilliant, ambitious to a fault, and a sufferer of bipolar disorder and depression.

New Times' 2007 article covered Maynard's background in detail. The Northern Arizona University graduate emerged from a bankruptcy in the mid-1990s to become a millionaire as the head of the National Credit Foundation, a shady credit-repair company. But his overspending and risky investments had put him back into deep debt by 2005, when he filed another bankruptcy.

Though he had to leave LifeLock well before its peak, he reportedly retained a 10 percent equity in the firm. LifeLock put millions of dollars into Maynard's bank accounts.

Then, Maynard moved to Hawaii in 2008 and blew much — or possibly all — of his LifeLock fortune on a failed ocean-adventure business. The business hired more than 250 people for a time but later left employees hanging without a final paycheck.

Kandoo Island, as the venture was called, sounded like great fun. Maynard and his partner, Dale Smith, bought a 148-foot catamaran, parked it in the water off Waikiki Beach and outfitted it with toys and amenities for tourists.

It was a high-profile move that attracted lots of local interest. Maynard told the press he planned to invest about $7 million in Kandoo, which would offer parasailing, jet-skiing, scuba diving, and other water sports to thrill-seekers by the summer of 2009.

When Honolulu Star-Bulletin reporter Susan Essoyan approached Maynard last June for an interview, the former Phoenix resident talked about his past scandals. He admitted that his credit-repair company had tried to "take advantage of the system," according to Essoyan's article, chocking up his bad decision-making to "youthful inexperience."

He also claimed the "gambling spree," which resulted in his unpaid casino marker in 2003, was the result of "electroconvulsive" therapy in an unsuccessful bid to treat his depression. The treatment gave him manic spells and memory loss, Essoyan reported. He related how his marriage ended and that he attempted suicide in 2002.

In 2005, he began taking proper medications for his illness and turned his life around, he told Essoyan. That was the year he founded LifeLock.

The Star-Bulletin article seemed to contradict the accusation by Maynard's dad that his son had improperly taken out an American Express card using the elder Maynard's SSN. Though Robert Maynard Sr. had confirmed in July 2007 that New Times had quoted him correctly in "Money for Nothing," the optometrist told the Hawaii reporter that he and Maynard Jr. had acquired the card together. Apparently, father and son have mended fences. Maynard Sr. declined to comment for this article.

The Coast Guard cleared Kandoo Island to launch in early August of last year. The "Big Doo" (as Maynard liked to be called at the time) and his crew took customers out on the catamaran every day for about two weeks.

Then the money stream ran dry. Maynard and Smith had under-funded Kandoo Island, and they couldn't make scheduled payments for the substantial insurance premiums required for the adventure business.

Jesse Berbig, 30, who worked as the kitchen manager, feels raw about getting stiffed for about $1,500 in final wages. He put in plenty of overtime, working six or seven days a week, he says.

"I did right by [Maynard] all summer, and now I can't get him on the phone," Berbig says.

E-mails to the staff by Maynard, forwarded to New Times by Berbig, show the former LifeLock exec was struggling to find new funding within days of bringing the first customers on board.

"Money has turned incredibly tight," Maynard wrote in an e-mail to the "krew," as he called them, on August 10. "My family put every dollar, literally, that we had into getting this project ready, more than double what we had planned."

Two financing deals "fell through literally at the closing table," he wrote. "We are in the crucible right now. If you can make it along with us through this difficult time, we will share in the rewards financially."

By August 23, Maynard was apologizing for bounced checks, telling his workers that it was "absolutely mortifying to me that things got so out of control so fast here."

Maynard has been named in at least two lawsuits regarding Kandoo. In one, the Hawaii National Bank seeks at least $4.1 million from another local business, Morning Star Cruises. The bank wants to put Maynard Jr. on the hook for $1.6 million of that, stating in the action that Maynard owes that amount to Morning Star for two smaller boats and ocean equipment.

The other lawsuit alleges that Kandoo Island failed to pay a $19,000 bill for maintenance on the catamaran.

Reached by phone in Hawaii, Maynard declined to discuss his financial situation, saying it's too personal. He was friendly enough, despite past avowals that he would never speak to this newspaper again.

During the short conversation, he was asked why he risked the money he had made from LifeLock. "I got carried away," he said. "I loved the idea, and I ran out of money."

He insists that Berbig and any other Kandoo employees who weren't paid will eventually get that last paycheck.

And who knows? With Maynard's record, he could be sitting pretty again in a couple of years. As long as he stays away from false advertising, he may even keep the FTC off his back.

"My name is Montel Williams," the former talk-show host says on LifeLock's home page. "LifeLock offers me much more than identity-theft protection. They give me true peace of mind. Don't let thieves take what you and your family have worked so hard for."

Yet Williams' quote captures part of the reason for LifeLock's explosive growth and customer retention.

It's like retail therapy. The important thing for customers is that they are paying for something that makes them feel good. Never mind that it's a placebo.

But their "peace of mind" will indeed be shaken if they do fall victim. If thieves use your personal data, you will have to deal with it, LifeLock member or not.

Not only can't LifeLock prevent identity theft, it can't do so much for customers who get ripped off. As the Davis example shows, LifeLock members still have to deal with the problems any victim would face.

Surely, Davis' "peace of mind" must have been shaken by his myriad experiences with identity theft.

He's gotten calls from collection agencies, from police. He's been asked to fill out forms and has had to work with his company (and possibly the folks it hires, because it can't do this stuff alone) in an attempt to convince the credit bureaus that he's not the deadbeat they're looking for. (It's possible they might not believe him, since he filed for personal bankruptcy in 2000, before he was involved with LifeLock.)

The FTC's settlement has not stopped LifeLock from pushing its bogus message of protection and security on its Web site, or in its ads. The prominent testimonials on LifeLock's home page, like the one from Montel Williams, contain verbiage similar to catchphrases used in ads that the FTC says were misleading.

For instance, the FTC expressed concern about this LifeLock message in its March 9 news release: "Do you ever worry about identity theft? If so, it's time you got to know LifeLock. We work to stop identity theft before it happens."

Compare that to Ishana Wieczerzak's testimonial displayed on LifeLock's home page. Wieczerzak states that after a co-worker's theft of her personal information to obtain a credit card, "protecting my identity . . . was a full-time job. I had enough, so I found LifeLock, and now they help protect my identity."

It's just a somewhat softer peddle of the same message.

Perhaps the "old" LifeLock really offered a scintilla of protection, as the FTC acknowledged. It's possible that putting your credit file in a permanent state of red alert might have prevented some new-account crimes (though doing so may also have reduced your credit score, LifeLock's critics contend). But what about today's LifeLock, which no longer sets fraud alerts for its customers?

In the middle of last year, LifeLock unveiled a "new" service to replace the fraud alerts. It really isn't that new. LifeLock's Web site states that the "better and broader identity-theft protection system" will:

• "Use more sophisticated and more scientific algorithms to spot identity fraud.

• "Examine patterns over time across the entire network to help predict future identity risks and vulnerable members.

The phrase "more sophisticated and more scientific algorithms" suggests that LifeLock already was employing "algorithms" — though less-scientific ones. And what are "algorithms," anyway? Just a fancy term for a "step-by-step, problem-solving procedure," according to one dictionary definition.

The other two bullet points sound just as vague and hokey.

In April 2008, LifeLock rolled out a major new feature called eRecon, which supposedly trolls thousands of Web sites used by hackers for signs of customers' personal data. The feature appears to have had little benefit for Todd Davis, since it was in effect during the year that criminals repeatedly exploited his identity.

The service that LifeLock now provides seems so nebulous that customers ought to wonder whether they can qualify for the $1 million guarantee under any circumstances. After all, the guarantee is triggered only if LifeLock's service fails or is defective.

Before, if LifeLock failed to place a fraud alert and a new account was opened in your name, you qualified for the guarantee. Now, judging by information LifeLock puts out, customers trying to take advantage of the guarantee must prove that LifeLock failed to "examine patterns over time" or perhaps used an "algorithm" that wasn't "scientific" enough.

A testimonial used in the company's advertising from an alleged customer named "Gary Johnson" touches on this problem.

"If I had joined LifeLock sooner, they would have alerted me when my personal information was used to apply for credit or services within their network," Johnson states.

LifeLock members would be wise to make the company spell out exactly what is "within [the company's] network" before signing up. New Times could find nothing on LifeLock's Web site that states what it considered inside or outside its "network."

Customers may also want to inquire how many of the new accounts successfully opened in Davis' name would have fallen within this "network."

LifeLock claims that its new service provides better protection than ever.